Online Exam Joining Instructions - VA+ exam
Please use the instructions below to help you organise your remote exam.
Please contact us if you have any queries.
Taking an Online Exam at The Cyber Scheme – what you need to know.
Access to a stable internet connection on the day of your exam (30 Mpbs or greater is preferable) with unfiltered outbound internet access. Restricted or heavily locked down corporate devices may be unsuitable. A wired connection is preferable to ensure a consistent connection but a reliable WiFi connection should be fine also. Mobile device tethering is not recommended, however.
The WireGuard VPN client installed on your device. This must be the same device where your vulnerability scanner is installed to ensure your scans can run successfully over the VPN connection.
A VPN configuration will be provided at the start of your exam.
Teems meeting link will be sent to you the day prior.
WireGuard VPN
Please install the Wireguard VPN client before the assessment.
Please note activating the VPN client outside of the assessment timeslot will cause your device to lose access to the internet. This is by design. Simply turn off the VPN to re-enable your internet access. You can only use the internet through the Cyber Scheme VPN during the assessment time slot, not before or after.
Windows
Browse to: https://www.wireguard.com/install/
Download and install the client then import the .conf (configuration file supplied by the Cyber Scheme).
Linux
apt update
apt install wireguard
You will be sent a config file from the Cyber Scheme.
FAQs
Where should I install Nessus? – in Windows is fine.
What Nessus licence do I need? – any is fine, we recommend the free essentials licence. Please note Nessus Essentials has a limit to 16 IPs Addresses that can be used for vulnerability scans.
Can I use any VA software? – Yes, use any you like.
Do all candidates get their own network / devices to scan? – yes you cannot affect the other candidates.
Taking an Online Exam at The Cyber Scheme – what you need to know.
You will need to connect to a video conferencing solution.
Please have vulnerability assessing (VA) software available on your device ready for the exam. We recommend the use of Tenable Nessus for the assessment; however other options are available if required.
Please have available during the assessment:
- A webcam
- A microphone and speakers (ideally a headset)
- Photo ID – passport or driving licence.
Only one display screen is allowed during the exam so either a laptop with no external monitors or a desktop with a single display.
Rules for online invigilated / proctored exams / assessments
Any violations or attempts to cheat / game or copy the exam materials will be fully investigated by the Cyber Scheme and your qualification may be at risk if you are in breach of these rules. You will be asked to confirm that you have read the non disclosure agreement here before sitting the exam.
- Ensure a suitable environment for the exam has been selected. The candidate must be alone in the room with the door closed.
- Do not have music, TV, radio or background noise during the exam.
- Do not use more than one screen. Extra external screens are not allowed (Laptops – use the laptop screen only, Workstations – use a single monitor/screen).
- Mobile phones, phones and communication devices must only be used to call the assessor or for timing your exam. It is not to be used for searching the internet or communicating with anyone other than the assessor. Do not answer your phone or text messages during the assessment unless it is the assessor.
- Headsets and earphone should only be used to communicate with the assessor and no one else.
- Wearable technology such as tech watches, etc. should not be worn during the exam. Normal watches used for timing the exam is allowed.
- The candidate should minimise leaving the room for toilet breaks or beverages unless agreed with the assessor / invigilator. Please use the bathroom and have snacks / drinks ready before beginning the exam.
- Communication with the assessor via video conferencing / chat during the assessment is expected and allowed.
- Any attempt to copy the exam paper or the exam rigs beyond gaining evidence for your exam is considered as a breach of the assessment rules. (Screenshots for evidence of achievement is allowed, excessive screenshots or screen recording is not.)
- All exam materials must be removed from your systems before the exam is completed. Failure to comply with this will result in a fail and will be considered a breach of the assessment rules.
- The assessor will ask you a series of questions and do a series of checks to make sure Cyber Scheme exam conditions are being adhered too. Part of this will involve showing photo ID so please have your photo ID ready to hold up to your webcam.
Assessment Marking Criteria Matrix
All candidates will get feedback and this marking and feedback matrix will be used:-
Pass / Success Criteria:
Software Assessment – 4 out of 5
Soft Skills Assessment – 4 out of 5
Technical Interview – 4 out of 5
Multiple Choice Quiz – 18 out of 30.
The assessment is in three parts, practical (including scope and scanning), technical interview and multiple-choice quiz.
Assessment Marking and Feedback
Criteria | Fail | Pass | Comment |
Software Assessment |
|
| PASS/FAIL |
Scanned all devices in scope |
|
|
|
Did not scan out-of-scope devices |
|
|
|
Found a critical-risk or high-risk issue |
|
|
|
Scanned for default credentials |
|
|
|
Configured both Windows and Linux credentials successfully |
|
|
|
Soft Skills Assessment |
|
| PASS/FAIL |
Candidate was polite and professional throughout the assessment |
|
|
|
Explained technical issues to both technical and non-technical audiences |
|
|
|
Was able to summarise findings and prioritise what an executive would care about |
|
|
|
Mitigated risks before the vulnerability assessment |
|
|
|
Understands the laws and ethics associated with cyber security (including permission to scan before the vulnerability assessment) |
|
|
|
Technical Interview |
|
| PASS/FAIL |
Understands networking protocols (ICMP, TCP, UDP etc) |
|
|
|
Gave good mitigation advice |
|
|
|
Gave good defence in depth advice |
|
|
|
Gave good pushback / follow up advice |
|
|
|
Could answer a technical question around current vulnerabilities |
|
|
|
Multiple Choice Quiz |
|
| PASS/FAIL |
Score equal to or above 18 |
|
|
|
Additional notes | |||
| |||
Final Grade: PASS/FAIL | |||
Remote Assessments and Reasonable Adjustments
The Cyber Scheme will, where possible, make provision for any additional time or support that might be required. Please contact The Cyber Scheme at least 3 working days ahead of the exam to ensure appropriate adjustments are made and the assessor is properly briefed.
You will need to provide adequate information about your needs in order for the appropriate adjustments to be made. The Cyber Scheme takes seriously the management of sensitive PII and as such will not make a formal record or retain any information provided other than to support any preparation an Assessor might need to undertake, and a record of any additional time allowed. All provided PII information will be deleted after the conclusion of the assessment.
